Revision 61e5c10b
Added by | src/etc/inc/auth.inc | ||
|---|---|---|
| 2156 | 2156 |
|
| 2157 | 2157 |
// Handle HTTPS httponly and secure flags |
| 2158 | 2158 |
$currentCookieParams = session_get_cookie_params(); |
| 2159 |
session_set_cookie_params( |
|
| 2160 |
$currentCookieParams["lifetime"], |
|
| 2161 |
$currentCookieParams["path"], |
|
| 2162 |
NULL, |
|
| 2163 |
(config_get_path('system/webgui/protocol') == "https"),
|
|
| 2164 |
true |
|
| 2165 |
); |
|
| 2159 |
session_set_cookie_params([ |
|
| 2160 |
'lifetime' => $currentCookieParams["lifetime"], |
|
| 2161 |
'path' => $currentCookieParams["path"], |
|
| 2162 |
'domain' => NULL, |
|
| 2163 |
'secure' => (config_get_path('system/webgui/protocol') == "https"),
|
|
| 2164 |
'httponly' => true, |
|
| 2165 |
'samesite' => 'Strict' |
|
| 2166 |
]); |
|
| 2166 | 2167 |
|
| 2167 | 2168 |
phpsession_begin(); |
| 2168 | 2169 |
|
Also available in: Unified diff
Add samesite attribute to cookies. Implement #15729